C#通过whenChanged搜索Active Directory? [英] C# Search Active Directory by whenChanged?
问题描述
我试图弄清楚如何对AD进行查询,以查找在某些特定日期/时间之间具有whenChanged日期的用户.我可以使用目录条目或principalContext搜索来进行基本的AD查询,但无法弄清楚如何获得用户 基于扩展属性.
I am trying to figure out how to make a query against AD to find users that have a whenChanged date in between some specific date/time. I can do basic AD queries using with a directory entry or principalContext search but I can't figure out how to get users based on extended properties.
我在Powershell中看到了如何使用的示例,但这在C#中对我没有帮助.
I see exmaples of how to do with in powershell but that doesn't help me in C#. Is this even possible?
推荐答案
此博客文章的一节显示了如何使用System.DirectoryServices查询AD:
This blog post has a section showing how to use System.DirectoryServices to query AD:
https://blogs.msdn.microsoft.com/kaevans/2011/07/04/querying-active-directory/
您指定的过滤器将是标准LDAP语法过滤器.检索AD中所有用户对象的标准过滤器是:
The filter you specify would be a standard LDAP syntax filter. The standard filter to retrieve all user objects in AD is:
(&(objectCategory=person)(objectClass=user))这将被分配给Filter参数(如我链接的博客文章中所示)作为带引号的字符串. whenCreated属性采用GeneralizedTime语法,它是格式为YYYYMMDDhhmmss.0Z的字符串.例如,今天(2017年3月23日)在1:15:23 下午UTC将为"20170323131523.0Z".这使我们能够使用"=".和< ="运算符(大于等于或小于等于)对指定日期之后和/或之前的值进行过滤.您将添加一个子句 对于过滤器中的每个新条件,用括号括起来,所有这些都使用&"添加. AND运算符.对于2017年1月1日之后和2017年3月1日之前创建的所有用户对象,LDAP语法过滤器将为:
This would be assigned to the Filter parameter (as in the blog post I linked) as a quoted string. The whenCreated attribute is in GeneralizedTime syntax, which is a string in the form YYYYMMDDhhmmss.0Z. For example, today (March 23, 2017) at 1:15:23 pm UTC would be "20170323131523.0Z". This allows us to use the ">=" and "<=" operators (greater than or equal to and less than or equal to) to filter on values after and/or before specified dates. You would add a clause in parentheses for each new condition in the filter, all of which are added using the "&" AND operator. For all user objects created after January 1, 2017, and before March 1, 2017, the LDAP syntax filter would be:
(&(objectCategory=person)(objectClass=user)(whenCreated>=20170101000000.0Z)(whenCreated<=20170301000000.0Z))此Wiki文档LDAP语法过滤器,并且允许使用运算符(不允许使用<"和>"):
This Wiki documents LDAP syntax filters, and the operators allowed ("<" and ">" are not allowed):
此Wiki记录了您需要了解的有关GeneralizedTime属性的所有信息,例如whenCreated:
And this Wiki documents all you need to know about GeneralizedTime attributes, like whenCreated:
这篇关于C#通过whenChanged搜索Active Directory?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
